PhoenixNAP
Configure Pritunl Cloud on PhoenixNAP BMC
This section covers installing Pritunl Cloud on PhoenixNAP. If you are using Azure or another provider, skip to the next section.
Create IP Allocations
After creating an account on PhoenixNAP BMC, first create a public IP allocation. These IPv4 addresses will be available to assign to instances in Pritunl Cloud. Open Networking -> Public IP Allocations then click Add a Public IP Allocation. Set the Location then set the Version to IPv4 and select a size. The minimum useful size is a /29, as the Pritunl Cloud host will need the first IP address. This IPv4 assignment will be shared between all servers in the region.

Then click Add a Public IP Allocation again and create an IPv6 allocation in the same location. There is currently a bug with IPv6 networks on PhoenixNAP. This step must be completed after the server has been started. If the network has an IPv6 allocation it will not be displayed on the server deployment page.

This will create 3 allocations. The first is the IPv4 public IP allocation. The /58 IPv6 allocation is an account and region wide IPv6 block that is available for /64 allocations. This allows creating 64 IPv6 allocations in each region.
Create Network
The networks on PhoenixNAP are regional VLAN overlay networks that can then be attached to a server. This allows sharing IPv4 and IPv6 assignments between multiple servers in the region as well as providing local networking between the servers. Open the Networking -> Networks section then click Create a Network. Use the same Location and set the Network Type to Private. Then enter a name for the network and set the VLAN ID to a number below 100. The Network CIDR only needs to be large enough to assign an IP to each bare metal server. Instances running on the bare metal server will not be assigned IP addresses from this network.

Next click Create a Network again to create the public network. Use the same Location and set the Network Type to Public. Then enter a name for the network and set the VLAN ID to a number below 100 that is different from the previous network VLAN ID.
Select assign a public IPv4 allocation and select the allocation created earlier. Then select the public IPv6 allocation created earlier.

This will then show the two networks in the Public and Private tabs. This network information will be needed later in the configuration. To create servers in other regions repeat the steps to create networks for each region.
Deploying a Server
Open the Servers section and click Deploy New Server. Select the same Location that contains the networks. Select a billing model and instance type then select either AlmaLinux 9 or Oracle Linux 9. Then click Next.

On the next page enter a Hostname and set Software RAID to RAID 1. Most of the servers will have two NVMe drives, allowing for RAID 1; verify this on the right side of the page. If there are not two drives use No RAID. Leave the Root Partition option empty then add Public SSH Keys. Note the username shown in the Public SSH Keys section. This will be the username needed to connect to the server.

On the next page select Do not assign a public IPv4 allocation; a public IP from the public network will be used instead. Click Add to Network then select the Public Network created in the previous steps. Then select the first IPv4 network segment and the first IP address from the segment. Click Add to Network in the Private Networks section and select the private network created earlier. Leave the Default Gateway empty then click Deploy New Server.

Install Pritunl Cloud
The Installation documentation has more information on the commands that will be run below. Reference this for more information. This section also explains how to upgrade the MongoDB server. First install MongoDB inside Podman using the commands below.
sudo dnf -y install git-core podman
git clone https://github.com/pritunl/toolbox.git
cd toolbox/mongodb-container
sudo podman build --rm -t mongo .
cd
sudo mkdir /var/lib/mongo
sudo chown 277:277 /var/lib/mongo
sudo podman run -d --name mongodb --restart=always -e DB_NAME=pritunl-cloud -e CACHE_SIZE=1 --cpus 1 --memory 2g --user mongodb -v /var/lib/mongo:/data/db:Z -p 127.0.0.1:27017:27017 localhost/mongo
sleep 3
sudo cat /var/lib/mongo/credentials.txt
Then install and start Pritunl Cloud with the commands below. Pritunl Cloud will automatically read the credentials from the path above if it exists. If the MongoDB database is hosted in another way add the MongoDB URI to /etc/pritunl-cloud.json.
sudo tee /etc/yum.repos.d/pritunl.repo << EOF
[pritunl]
name=Pritunl Repository
baseurl=https://repo.pritunl.com/stable/yum/almalinux/10/
gpgcheck=1
enabled=1
gpgkey=https://raw.githubusercontent.com/pritunl/pgp/master/pritunl_repo_pub.asc
EOF
sudo dnf -y update
sudo dnf -y remove iptables-services
sudo systemctl stop firewalld.service
sudo systemctl disable firewalld.service
sudo sed -i 's/^SELINUX=.*/SELINUX=permissive/g' /etc/selinux/config
sudo setenforce 0
sudo dnf -y install iptables net-tools ipset ipvsadm xorriso qemu-kvm qemu-img swtpm swtpm-tools
sudo dnf -y install pritunl-cloud
sudo systemctl enable --now pritunl-cloud
Configure Pritunl Cloud
First get the default password by running the command below. Then use this to login to the web console running on HTTPS port 443.
sudo pritunl-cloud default-password
Pritunl Cloud will attempt to read the PhoenixNAP network configuration from cloud-init. This should still be verified, or configured if the auto configuration failed. Open the IP Blocks tab in the Pritunl Cloud web console. Create a block for the public IPv4 addresses if it doesn't exist and fill in the fields. Set the Network Mode to IPv4. The VLAN field should be blank; the block will attach to the VLAN interface and the VLAN should not be set here. This option is for more advanced VLAN configurations that use bridge interfaces on the host. The Netmask should match the CIDR; use the conversions below or use a subnet calculator for other CIDRs. The IP Addresses should contain the subnet and CIDR listed in the PhoenixNAP CIDR field. The Gateway should be one address after the address shown in the CIDR field. The IP Excludes should exclude the public IP of the PhoenixNAP server with a /32 CIDR.
/28 - 255.255.255.240
/29 - 255.255.255.248

Then create, or if it already exists verify, a block for the IPv6 addresses. Set the Network Mode to IPv6. The VLAN field should be blank. Add the IPv6 /64 from the PhoenixNAP CIDR field to IPv6 Addresses. Then copy that same address, remove the /64 and add a 1 to the end for the IPv6 Gateway.
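
The field values described above for the IPv4 and IPv6 blocks can be derived and sanity-checked before they are typed into the web console. This is an added example, not part of the original documentation or Pritunl's code; the dictionary keys are hypothetical labels mirroring the console fields, and the addresses are constructed documentation ranges standing in for the values in the PhoenixNAP CIDR field.

```python
import ipaddress


def ipv4_block(cidr, server_ip):
    """Derive the IPv4 IP Block fields from the PhoenixNAP CIDR field."""
    net = ipaddress.ip_network(cidr)  # strict: rejects a CIDR with host bits set
    if net.version != 4:
        raise ValueError("expected an IPv4 CIDR")
    server = ipaddress.ip_address(server_ip)
    gateway = net.network_address + 1  # one address after the CIDR address
    if server not in net:
        raise ValueError(f"{server} is not inside {net}")
    if server in (net.network_address, gateway, net.broadcast_address):
        raise ValueError(f"{server} is reserved in {net}")
    # Plain subnet arithmetic: hosts left once gateway and server are removed.
    free = [a for a in net.hosts() if a not in (gateway, server)]
    return {
        "netmask": str(net.netmask),
        "ip_addresses": str(net),
        "gateway": str(gateway),
        "ip_excludes": f"{server}/32",
        "free_for_instances": len(free),
    }


def ipv6_block(cidr):
    """Derive the IPv6 IP Block fields from the PhoenixNAP IPv6 /64."""
    net = ipaddress.ip_network(cidr)
    if net.version != 6 or net.prefixlen != 64:
        raise ValueError("expected an IPv6 /64")
    return {
        "ip6_addresses": str(net),
        # Same as removing "/64" and appending 1 when the prefix ends in "::".
        "gateway6": str(net.network_address + 1),
    }


if __name__ == "__main__":
    # Constructed sample values from documentation ranges, not real allocations.
    print(ipv4_block("203.0.113.8/29", "203.0.113.10"))
    print(ipv6_block("2001:db8:0:40::/64"))
```

A /30 leaves no addresses once the gateway and server are removed, which is why the /29 is the smallest allocation that is useful here.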

Once the blocks have been configured open the node settings in the Nodes tab. Set the Network IPv4 Mode and Network IPv6 Mode to Static. Remove the default pritunlhost0 internal interface then set Internal Interfaces to the internal VLAN interface. This should display the private IPv4 address on the dropdown selection.
For the External IPv4 Block Attachments and External IPv6 Block Attachments select the external VLAN interface. This interface should display the public IPv4 address on the dropdown selection. Select the IPv4 and IPv6 blocks that were created in the previous step.
Multiple block attachments can be configured to add additional VLANs. This allows adding additional public IP addresses without losing the existing assignment.
Disable Default instance public IPv4 address and enable Default instance public IPv6 address. Then enable both Jumbo frames options.

Open the Datacenters tab and verify the Network Mode is set to VXLAN.

Open the Authorities tab. These store SSH credentials that will be applied to instances based on matched roles. If an instance has a role that matches the authority role, that SSH key will be added to the instance under the cloud username. The name of the authority does not change the username; it will always be the cloud user. Select the pre-created authority and paste your public SSH key in the SSH Key field and click Save. When creating an instance or pod add the instance role to include this SSH key to allow for SSH access.

This completes the configuration for a Pritunl Cloud server on PhoenixNAP. The next section linked below will explain creating a pod. These sections assume instance public IPv4 and IPv6 addresses are not available. The YAML option publicAddress: true can be added to the pod specs to include a public IPv4 address on those pods.